Job Title: Application Security Penetration Tester
The ideal candidate will possess a deep understanding of attack surfaces in modern compiled applications and operating systems. Candidates must demonstrate the ability to analyze closed source application using a number of off-the-shelf or custom developed tools. Additionally, the ideal candidate will be able to work efficiently under minimal supervision and be able to deliver results that meet or exceed internal and client expectations.
This role is specifically an application assessment and exploit development role. As such, specific emphasis will be placed on the Java programming language in order to be proficient in code auditing and the ability to identify logic flaws in targeted Java applications. Moreover the candidate should demonstrate mastery of static and dynamic analysis techniques for detecting application vulnerabilities specifically for the Java platform such as SQL injections, cross-site scripting, code injection, path traversal, etc.
DUTIES & RESPONSIBILITIES:
- Manual and automated enumeration of target application attack surface
- Creation of custom attacks and analysis tools tailored for closed source applications
- Detailed documentation and communication of all completed work in a narrative format
- Ability to conduct assessments outside of traditional working hours
- Work at client locations as necessary
The ideal candidate should possess a detailed knowledge of one or more of the following technologies:
- Reverse engineering concepts, techniques and tools
- Working knowledge of modern application and operating system defense concepts
- Ability to analyze and assess proprietary communication protocols
- Extensive knowledge of C++, Java, PHP, Assembly programming languages
- Web application defenses and weaknesses
- Source code analysis software
- Strong written and verbal technical communication skills
QUALIFICATIONS & EXPERIENCE:
- Documented experience operating within high security environments
- Exploit development for native Windows, OS X and Linux applications
- Exploit development for web applications
- Application source code security audit
- Proven track record in infosec consulting engagements
- Experience with traditional vulnerability and penetration testing techniques and tools
- At minimum holds the Offensive Security Certified Expert (OSCE) certifications
Job Title: Student Tech Admin
An Offensive Security Student Administrator is responsible for providing technical support and guidance to Offensive Security students via support email, and Live Chat. In addition, based on the candidate’s strengths and preferences, duties will include maintaining the student VPN labs, updating and maintaining Offensive Security websites, and other operational tasks as required.
The Student Administrator role is a full-time salaried position with shift work required, including evenings and weekends. This position is staffed from 6:00- 4:00 GMT and we are currently seeking candidates who can work during the 07:00-15:30 GMT shift. Ideal candidates would also be able to complete training with a mentor who may work on a shift outside their permanent shift following training. All work is performed from a home office working with a global team.
DUTIES AND RESPONSIBILITIES:
- IT support on technical related requests via support email, Live chat, forum moderation and community channels
- Troubleshoot and provide technical support for Linux operating systems
- Troubleshoot VPN, remote access, and RDP
- Setup, deploy, and configure Offensive Security lab systems
- Network administration and maintenance of local area network services such as firewalls, servers, and other devices
- Ongoing maintenance and improvements in virtualization infrastructure
- Maintain technical problems history through a ticketing system
- Proactively and reactively look for solutions to prevent problems from occurring
- Participating in projects for the implementation of new functions, services, etc.
- Assisting other team members as needed
- Perform other duties as assigned
QUALIFICATIONS & EXPERIENCE:
- Employment Requirements:
- OSCP and/or OSCE certification
- Fluency in reading, writing, and comprehension of English
- 3+ years of well-rounded IT experience
- 2+ years of recent experience on server side technologies and management
- 2+ years experience providing end-user technical support and desire to provide high quality customer service to our students
- 2+ years experience operating and troubleshooting Linux and Windows operating systems
- Familiarity with enterprise-level networking configuration
- Excellent interpersonal and customer service skills
- Strong attention to detail, with excellent analytical and investigation skills
- Ability to work unsupervised in a high pressure environment
- Exceptional multi-tasking abilities and prioritization skills
- A strong belief and understanding of being a team player in a remote working environment
- Strong knowledge of networking, virtualization, Windows, storage, and backup
- Prior experience working remotely
- Experience working with a trouble ticket system
- Prior experience configuring and managing enterprise firewalls
- Experience configuring and managing Host Intrusion Detection Systems
- Experience in planning, installing, configuring, administering, managing, and supporting Windows Servers
This position is staffed from 6:00- 4:00 GMT, seven days a week. Weekend work is required, but rotated to have a varying schedule with some weekend days off throughout the month.
Student admins generally work one of three shift schedules within the above time block.
All work is performed from a home office working with a global team.
We currently have an opening for a position for candidates available to work during our first shift. Ideal candidates will have the ability to work from 7:00-15:30 GMT. We are not currently interviewing candidates outside of this availability.
When submitting your resume, please indicate your shift(s) and days of the week availability as well as minimum salary requirements. Please also include your OSID.